Tag Archives | XML

XXE Injection Attacks or XML External Entity vulnerabilities are a specific type of Server Side Request Forgery or SSRF attack relating to abusing features within XML parsers. The features these attacks go after are widely available but rarely used and when trigged can cause a DoS (Denial of Service) attack and in some cases much […]

OpenIOC is an open framework for sharing threat intelligence, sophisticated threats require sophisticated indicators. In the current threat environment, rapid communication of pertinent threat information is the key to quickly detecting, responding and containing targeted attacks. OpenIOC is designed to fill a void that currently exists for organizations that want to share threat information both […]

Oh look, another serious flaw in Windows – and this one is really bad because it can be exploited directly in Internet Explorer. And even worse than that, this vulnerability is actually being exploited in the wild by cybercriminals – this shows it’s no longer a theoretical attack. Plus of course the fact, it’s actually […]

wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool and […]

Seen as though untidy was mentioned again fairly recent, it sparked my memory that I have a fairly old draft regarding untidy the XML Fuzzer. Fuzzing is definitely becoming an important part of Pen Testing and especially application security – we’ve published about quite a few and I’m sure there are more in development. Anyway, […]

ServiceCapture runs on your pc and captures all HTTP traffic sent from your browser or IDE. It is designed to help Rich Internet Application(RIA) developers in the debugging, analysis, and testing of their applications. You can download the free trial below. After it is installed and running, visit the Macromedia Exchange with your web browser […]